DO NOT POST SUBSCRIPTIONS, KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM

Hi,

I have this form with some simple tools used by helpdesk.
Now I'd need to query a SQL database in a function of the form, but helpdesk doesn't have the rights to do so. How can I (safely) run this command without putting the password cleartext in the original code?

I've been in your shoes before - my instance was I had a set of commands that had to run under different user accounts depending on the domain being interacted with - and the main form had to run as the logged in user. This also included interacting with SQL databases.

A workable way would to take the bit of code that interacts with the sql database and package that as an exe running under the necessary windows account - and the main form runs only under the standard user account. This limits what can be done with this other account. Just pass in the data you need as parameters to the background exe. Getting the data back to the form is a little more tricky - but there are a few ways to do that as well. I ended up needing to return objects so I exported the information as a clixml file, with a standard naming convention based on username and function so that the person running the script would always get their file back. I didn't have to worry about sensitive information being returned so this worked - if you do have to worry about information being returned that shouldn't be stored in plain text then you will need to figure out a different method for getting the data back.

jobs or packaged separate exe files - either one will get what you want. One consideration with using jobs - make sure not to store the password in plain text in the script. With script logging or transcription - that will be exposed.

There is no safe way to store an Admin password in a user session. If a user can use a password then they can decode the password. Using an EXE package uses a different form of encrypting to hide the password making it much more difficult for a user or any code running in a user session to decode the password.